Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-1709— Authentication bypass using an alternate path or channel

CVSS 10.0 · Critical KEV · Ransomware EPSS 94.32% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-1709

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Authentication bypass using an alternate path or channel
Source: NVD (National Vulnerability Database)
Vulnerability Description
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用候选路径或通道进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
ConnectWise ScreenConnect 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ConnectWise ScreenConnect是ConnectWise公司的一种自托管远程桌面软件应用程序。 ConnectWise ScreenConnect 23.9.7及之前版本存在安全漏洞,该漏洞源于受到使用备用路径或通道绕过身份验证的影响,可能允许攻击者直接访问机密信息或关键系统。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
ConnectWiseScreenConnect 0 ~ 23.9.7 -

II. Public POCs for CVE-2024-1709

#POC DescriptionSource LinkShenlong Link
1ScreenConnect AuthBypass(cve-2024-1709) --> RCE!!!https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCEPOC Details
2A Scanner for CVE-2024-1709 - ConnectWise SecureConnect Authentication Bypass Vulnerabilityhttps://github.com/HussainFathy/CVE-2024-1709POC Details
3CVE-2024-1709 ConnectWise ScreenConnect auth bypass patch WORK 2.0 https://github.com/tr1pl3ight/POCv2.0-for-CVE-2024-1709POC Details
4Nonehttps://github.com/sxyrxyy/CVE-2024-1709-ConnectWise-ScreenConnect-Authentication-BypassPOC Details
5Nonehttps://github.com/cjybao/CVE-2024-1709-and-CVE-2024-1708POC Details
6Event ID 229 Rule Name SOC262 ScreenConnect Authentication Bypass Exploitation Detected (CVE-2024-1709)https://github.com/AhmedMansour93/Event-ID-229-Rule-Name-SOC262-CVE-2024-1709-POC Details
7ScreenConnect AuthBypass Mass RCEhttps://github.com/AMRICHASFUCK/Mass-CVE-2024-1709POC Details
8ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-1709.yamlPOC Details
9A Python tool to check & exploit CVE-2024-1708 & CVE-2024-1709 in ConnectWise ScreenConnecthttps://github.com/Teexo/ScreenConnect-CVE-2024-1709-ExploitPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-1709

登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: ScreenConnect
Same vendor: ConnectWise
Same weakness: CWE-288

V. Comments for CVE-2024-1709

No comments yet

Leave a comment